The basic principles that should guide those who are called upon to create a computer, information or industrial network, or to secure a pre-existing one, are ZERO TRUST and the MICRO SEGMENTATION of the network, regardless of its size.
The ZERO TRUST principle applies not only to the individuals in charge, at whatever level of security, but also, and above all, to the choice and use of the security equipment that will protect the network.
Thus, if one wants to avoid the risk of perpetuating a pre-existing contamination or a malfunctioning program, one must not settle for a simple application deployed on a replacement server, or purchased for the purpose, without knowing all of its characteristics and its suitability for the needs at hand.
It is also important to avoid, as far as possible, the intervention of a third party in the use of the network's functions. I am thinking here of the Cloud, whose drawbacks and associated risks are well known, and of online file-sharing systems offered by companies outside the network.
The principle of MICRO SEGMENTATION is intended to limit the damage in the event that an attacker manages to get a virus into the network. If this principle is followed when designing the network security architecture, a successful attack will affect only the segment of the network that it has penetrated.
In practice, this principle means that connections between computers on the same network should be avoided, as should direct, unprotected access between users and servers.
Above all, you should not trust hyper-converged systems that deliver everything in one program, including your computer security. We all remember the SolarWinds disaster.
In the industrial or information networks of large entities, departments should be separated, and access to each department's servers should be restricted to those who need it.
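The containment effect of MICRO SEGMENTATION and of per-department server access can be shown with a small model. The following is an added example written for this page; it is not PT SYDECO code and not part of ARCHANGEL. The host names, segments and allow rules are constructed, and the model assumes the worst case that every host an attacker can reach is also one they can compromise and pivot from.

```python
"""Added example (not PT SYDECO code): a toy model of MICRO SEGMENTATION.

It compares the blast radius of one compromised host under a flat network,
where every host can reach every other, with a segmented design in which
traffic is allowed only by explicit, least-privilege rules. Every segment,
host and rule below is constructed for illustration.
"""
from collections import deque

# Constructed inventory: host name -> segment it lives in.
HOSTS = {
    "ws-sales-1": "sales",
    "ws-sales-2": "sales",
    "ws-eng-1": "engineering",
    "srv-sales-crm": "sales-servers",
    "srv-eng-git": "eng-servers",
    "srv-backup": "backup",
}

# Segmented policy: (source segment, destination segment, port) tuples that
# are allowed. Anything not listed is denied by default (ZERO TRUST between
# segments). Workstations reach only their own department's servers, only
# the backup segment reaches the servers' backup port, and nothing may
# initiate a connection to a workstation.
SEGMENT_RULES = {
    ("sales", "sales-servers", 443),
    ("engineering", "eng-servers", 22),
    ("engineering", "eng-servers", 443),
    ("backup", "sales-servers", 873),
    ("backup", "eng-servers", 873),
}


def allowed_segmented(src, dst, port):
    """Default deny: allow only if an explicit segment rule matches.
    Hosts in the same segment may not talk to each other either, which is
    the page's point about avoiding computer-to-computer connections."""
    if src == dst:
        return False
    return (HOSTS[src], HOSTS[dst], port) in SEGMENT_RULES


def allowed_flat(src, dst, port):
    """Flat network: any host reaches any other host on any port."""
    return src != dst


def blast_radius(start, policy, ports=(22, 443, 873, 3389)):
    """Hosts an attacker who owns `start` could reach transitively, pivoting
    through each host reached (worst case: every reachable host is assumed
    compromisable). Returns the sorted list of hosts other than `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for other in HOSTS:
            if other not in seen and any(policy(cur, other, p) for p in ports):
                seen.add(other)
                queue.append(other)
    seen.discard(start)
    return sorted(seen)


if __name__ == "__main__":
    victim = "ws-sales-1"  # a sales workstation that fell for a phishing e-mail
    print("flat network:     ", blast_radius(victim, allowed_flat))
    print("segmented network:", blast_radius(victim, allowed_segmented))
```

With the flat policy the phished workstation reaches every other host; with the segmented policy it reaches only the sales CRM server, and the CRM server has no onward rule, so the incident stops there. Running the same function from the backup host shows the other side of least privilege: the backup segment reaches both server segments, which is why that segment deserves the tightest controls.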
With this in mind, and applying these basic principles of perfect cyber security, PT SYDECO has created ARCHANGEL, an INTEGRATED SYSTEM OF DEFENCE AGAINST CYBER ATTACKS.
To steal data, encrypt it to obtain a ransom, or simply cause harm, hackers must penetrate a system and introduce a virus or worm of their choice: a Trojan horse such as EMOTET, a Trojan-Dropper injector whose objective is to install other malicious objects, or any ransomware such as MAZE, SODINOKIBI, REvil, CLAP, NEMTY... to name but a few, most of which use the double extortion system.
There are at least 7 ways to do this, almost all of which require action on the part of the victim. By far the most common method is social engineering. It includes phishing (spear phishing, smishing, vishing...), and the game is usually to manipulate vulnerable targets into one of three types of behaviour: clicking on a fraudulent link, opening a malicious attachment, or entering data into a booby-trapped input field, such as a fake login page on (what appears to be) a corporate website.
Methods that involve manipulation of the victim include phishing and social engineering, infection via a compromised website, exploit kits that deliver custom malware, infected file and application downloads, and e-mail applications as infection vectors.
On the other hand, no action by the victim is needed when cybercriminals use brute force, for example against RDP (Remote Desktop Protocol), or malicious advertising: by intruding into the common advertisements shown on websites, they can insert malicious code that downloads the ransomware as soon as an advertisement appears.
In all cases, the user's e-mail is the company's entry point.
The best way to protect a computer system is to know the means used by attackers to achieve their goals.
This is what PT SYDECO researchers have done to create the ARCHANGEL integrated protection system. Of course, user education is necessary, even indispensable, but since mistakes are human, even the best network administrator is not immune to an inadvertent error.
It is also essential to block, or at least reduce, access within a company to the sites most used by hackers as phishing lures, such as Facebook, WhatsApp, Amazon, Apple and Netflix, which, according to Kaspersky Security Network (KSN), were the subject of 4.5 million, 3.7 million, 3.3 million, 3.1 million and 2.7 million phishing attempts respectively in the period from April to September 2020.
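The two phishing signs described above (a fraudulent link whose visible text points somewhere else, and a fake login page hosted on a lookalike of a well-known brand), together with the blocking of the sites most used as lures, can be turned into a simple message-screening check. The following is an added example written for this page, not PT SYDECO code and not a description of how ARCHANGEL works. The brand list reuses the five names cited above; the company blocklist, the lookalike heuristics and the sample HTML message are all constructed for the example.

```python
"""Added example (not PT SYDECO code): screening the links in an inbound
message for the phishing signs the text describes (a fraudulent link whose
visible text points elsewhere, a fake login page on a lookalike of a
well-known brand) and for domains the company has chosen to block.
The brand list, the blocklist and the sample HTML are all constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed: the brands the text cites as most used in phishing lures.
PROTECTED_BRANDS = ("facebook.com", "whatsapp.com", "amazon.com", "apple.com", "netflix.com")
# Constructed: domains this company blocks from its workplace network.
BLOCKED_DOMAINS = ("facebook.com", "netflix.com")


def registrable(host):
    """Crude 'registrable domain' = last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_blocked(host):
    """True for a blocked domain or any subdomain of one (never for lookalikes)."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in BLOCKED_DOMAINS)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats (app1e)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(host):
    """Brand a hostname imitates: the brand name inside a foreign registrable
    domain (apple-id.example.net) or one edit away from it (app1e.com).
    The genuine domain and its subdomains are never flagged."""
    reg = registrable(host)
    if reg in PROTECTED_BRANDS:
        return None
    for brand in PROTECTED_BRANDS:
        name = brand.split(".")[0]
        if name in host.lower() or edit_distance(reg.split(".")[0], name) == 1:
            return brand
    return None


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in the message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+")


def screen_links(html):
    """Return [(href, [reasons])] for every link that deserves a warning."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        shown = URL_IN_TEXT.search(text)  # a URL displayed as the link text
        if shown and (urlsplit(shown.group()).hostname or "").lower() != host:
            reasons.append("visible URL differs from target")
        brand = lookalike_brand(host)
        if brand:
            reasons.append(f"lookalike of {brand}")
        if is_blocked(host):
            reasons.append("domain is on the company blocklist")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample message: a typosquat login lure, a blocked site, a safe link.
SAMPLE_MESSAGE = """<p>Your account will be suspended.</p>
<a href="https://login.app1e.com/verify">https://appleid.apple.com/</a>
<a href="https://netflix.com/browse">Watch now</a>
<a href="https://intranet.example.com/hr">HR portal</a>"""

if __name__ == "__main__":
    for href, reasons in screen_links(SAMPLE_MESSAGE):
        print(href, "->", "; ".join(reasons))
```

Two design points matter in practice. The blocklist check matches a domain and its subdomains but not lookalikes, so a typosquat is reported as a lookalike rather than silently passing as "not blocked"; and the genuine brand domain is exempted before any fuzzy matching runs, so legitimate mail from those services is not flagged. A production filter would replace the two-label `registrable` helper with a public-suffix list.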
Under these conditions, it was necessary to create a system that protects a network against threats (whether a cyber attack or the intervention of a man in the middle) coming from the outside world (the Internet), but also against those coming from the network itself through the deliberate or inadvertent fault of one of its users, whether they work within the company or outside it.
Similarly, it has been found that the protection provided by a simple program that a user installs on a server or PC that he/she owns or acquires offers no guarantee of security, as the host device may contain a backdoor or may already be contaminated or affected by a rootkit. This is why the ARCHANGEL integrated protection system is installed in hardware created and supplied by PT SYDECO.
- Can autonomously block code execution from phishing attacks, whether that is a malicious attachment or fileless malware executing in memory.
- Includes its own operating system and, in addition to 3 firewalls (the third being designed to prevent lateral contamination within the same network), a honey pot, a router with IDS and IPS, and 3 intelligent agents.
- But whereas the function of a firewall is only to block traffic on the basis of its signature, which prevents it from blocking traffic whose signature is encrypted and thus hidden, ARCHANGEL blocks the execution of all programs, whether they are encrypted or not. This is why ARCHANGEL must be installed after a proxy (the intermediary between the network and the Internet access, usually provided by the Internet provider).
- This system, created by PT SYDECO, does not use any keys. It is part of the system because it protects passwords. Indeed, traditional cryptography is based on algorithms, mathematical functions that would not withstand an attack by a quantum computer for more than one second.
- SST is not based on a mathematical method and is therefore QUANTUM SAFE.
- SST protects the network against brute force attacks.
- If users download SST onto their work tools, their data will also be protected by SST.
3. VPN SERVER, integrated in ARCHANGEL
- A VPN server is integrated in the system and is therefore protected by ARCHANGEL.
- It creates as many private tunnels as there are connected devices, whether these devices are end-points, servers not connected by cable, smartphones, IoT, ... used in the network.
- It is essential that only devices connected by VPN can be used in the computer network protected by ARCHANGEL.
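One way to realise "one private tunnel per device" and "only devices connected by VPN can be used" is shown below. It is an added example written for this page, not PT SYDECO code and not a description of ARCHANGEL's VPN server. The text does not name a tunnel technology, so a WireGuard-style configuration is assumed; the device inventory, the tunnel subnet, the internal server subnet and the key placeholders are all constructed.

```python
"""Added example (not PT SYDECO code): one private tunnel per device and
VPN-only access to the protected network.

Each device in a constructed inventory receives its own /32 tunnel address
and its own [Peer] stanza in a WireGuard-style server configuration (the
tunnel technology is an assumption); the gateway then admits traffic to
internal servers only from a registered tunnel address.
"""
import ipaddress

TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")      # constructed tunnel subnet
GATEWAY_ADDR = TUNNEL_NET[1]                           # 10.8.0.1, the VPN server
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # constructed server LAN

# Constructed inventory: device name -> public-key placeholder. Real keys are
# generated on each device and only the public half is enrolled here.
DEVICES = {
    "laptop-alice": "<laptop-alice-public-key>",
    "phone-alice": "<phone-alice-public-key>",
    "plc-line-3": "<plc-line-3-public-key>",
}


def allocate_tunnels(devices):
    """Give each device its own /32 address, in inventory order, after the gateway."""
    hosts = TUNNEL_NET.hosts()
    next(hosts)  # skip the gateway's own address
    return {name: next(hosts) for name in devices}


def render_server_config(devices, listen_port=51820):
    """Server side: one [Peer] per device with AllowedIPs pinned to that
    device's /32, so no device can claim another device's tunnel address."""
    addrs = allocate_tunnels(devices)
    lines = [
        "[Interface]",
        f"Address = {GATEWAY_ADDR}/{TUNNEL_NET.prefixlen}",
        f"ListenPort = {listen_port}",
        "PrivateKey = <gateway-private-key>",  # placeholder, never in an inventory
        "",
    ]
    for name, pubkey in devices.items():
        lines += [f"# {name}", "[Peer]", f"PublicKey = {pubkey}",
                  f"AllowedIPs = {addrs[name]}/32", ""]
    return "\n".join(lines)


def admit(src_ip, dst_ip, tunnels):
    """Gateway rule for the server LAN: return the device name if the source is
    a registered tunnel address, else None. Unknown sources, including hosts
    that plug straight into the LAN, are refused, which is the text's
    'only devices connected by VPN can be used' requirement."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if dst not in INTERNAL_NET:
        return None
    for name, addr in tunnels.items():
        if addr == src:
            return name
    return None


if __name__ == "__main__":
    tunnels = allocate_tunnels(DEVICES)
    print(render_server_config(DEVICES))
    for src in ("10.8.0.2", "10.8.0.9", "192.168.10.7"):
        print(src, "->", admit(src, "192.168.10.5", tunnels) or "refused")
```

Because each peer is bound to a single /32 in `AllowedIPs`, the tunnel address doubles as the device identity: an access decision or a log line that names `laptop-alice` can be trusted only because no other peer can source that address through the tunnel, and nothing arriving outside the tunnel is admitted at all.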
- The systems generally used, such as Google Drive, involve a third party who has access to everything that passes through the application. Data confidentiality is not respected.
- Since the SydeCloud server is in the company, no third party intervenes in the transmission of files: the confidentiality of data passing through the system is protected.
- The SydeCloud server itself is protected by ARCHANGEL and SST.
CONCLUSIONS
The ARCHANGEL - SST - SydeCloud integrated system ensures total protection of a computer network, whether it is an industrial or information network.
It protects work tools, both hardware and software, against any attack from the outside world or from within the network itself.
It protects the data, its backup and its transmission against any attack from the outside world or from inside the network itself, and against any breach of confidentiality.
It protects the proper functioning of the computer network.